Securing Java Web Services is a lab-intensive, hands-on JEE security training course, essential for experienced enterprise developers who need to produce secure JEE-based web services. In addition to teaching basic programming skills, this course digs deep into sound processes and practices that apply to the entire software development lifecycle.
Designing, implementing, and deploying secure services presents unique challenges. In addition to dealing with the many vulnerabilities and attacks associated with web applications, web services must address business-oriented concerns such as authentication, authorization, non-repudiation and others. The complicating factor is that all measures must be implemented within the constraints of standards and high-level s of inter-operability. Throughout this course students will thoroughly examine best practices for defensively coding JEE services, including XML processing. Students will repeatedly attack and then defend various assets associated with fully functional web services. This hands-on approach drives home the mechanics of how to secure JEE web services in the most practical of terms.
*Ways To Learn!*
Students who attend Securing Java Web Services will leave the course armed with the skills required to recognize actual and potential software vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course quickly introduces developers to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a Java/JEE perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. Multiple practical labs reinforce these concepts with real vulnerabilities and attacks. Students are then challenged to design and implement the layered defenses they will need in defending their own applications.
This “skills-centric” course is about 50% hands-on lab and 50% lecture, designed to train attendees in secure web application development, coding and design, coupling the most current, effective techniques with the soundest industry practices.
Working in a hands-on learning environment, guided by our expert team, attendees will learn:
Need different skills or topics? If your team requires different topics or tools, additional skills or custom approach, this course may be further adjusted to accommodate. We offer additional Java / JEE programming, secure coding, secure software development, hacking, database security, bug hunting and other related topics that may be blended with this course for a track that best suits your needs. Our team will collaborate with you to understand your needs and will target the course to focus on your specific learning objectives and goals.
This is an intermediate -level programming course, designed for experienced Java developers who wish to get up and running on developing well defended software applications. Familiarity with Java and JEE is required and real world programming experience is highly recommended. Ideally students should have approximately 6 months to a year of Java and JEE working knowledge.
Please see the Related Courses tab for specific Pre-Requisite courses, Related Courses that offer similar skills or topics, and next-step Follow-On Courses and Learning Path recommendations.
Please note that this list of topics is based on our standard course offering, evolved from typical industry uses and trends. We’ll work with you to tune this course and level of coverage to target the skills you need most.
Session: Bug Hunting Foundation
Lesson: Why Hunt Bugs?
Lesson: Safe and Appropriate Bug Hunting/Hacking
Session: Securing Applications Foundation
Lesson: Removing Bugs
Lesson: Principles of Information Security
Session: Applying Security to Services
Lesson: Service Challenges
Lesson: Services and Security
Session: Defending Services
Lesson: Defending Web Services
Lesson: Defending Rich Interfaces and REST
Session: Bug Stomping 101
Lesson: Unvalidated Data
Lesson: A1: Injection
Lesson: A2: Broken Authentication
Lesson: A3: Sensitive Data Exposure
Lesson: A4: XML External Entities (XXE)
Lesson: A5: Broken Access Control
Session: Bug Stomping 102
Lesson: A6: Security Misconfiguration
Lesson: A7: Cross Site Scripting (XSS)
Lesson: A8/9: Deserialization/Vulnerable Components
Lesson: A10: Insufficient Logging and Monitoring
Lesson: Spoofing, CSRF, and Redirects
Session: Moving Forward
Lesson: What Next?
Time Permitting:
Lesson: Cryptography Overview
Student Materials: Each participant will receive a Student Guide with course notes, code samples, software tutorials, step-by-step written lab instructions, diagrams and related reference materials and resource links. Students will also receive the project files (or code, if applicable) and solutions required for the hands-on work. Any courseware of lab materials provided in a cloud (if applicable) will also be made available to you separately.
Hands-On Setup Made Simple! Our dedicated tech team will work with you to ensure our ‘easy-access’ cloud-based course environment, or local installation, is accessible, fully-tested and verified as ready to go well in advance of the course start date, ensuring a smooth start to class and effective learning experience for all participants. We can also help you install this course locally if preferred. Please inquire for details and options.
Every-Course Extras = High-Value & Long-Term Learning Support! All Public Schedule courses include our unique EveryCourse Extras package (Post-Course Resource Site access with Review Labs & Live Instructor Follow-on Support, access to QuickSkills recorded High-Value lessons, Free *Live* Course Refresh Re-Takes, early access to Special Offers, Free Courses & more). Please inquire for details.
Live scheduled classes are listed below or browse our full course catalog anytime
Check out custom training solutions planned around your unique needs and skills.
Exclusive materials, ongoing support and a free live course refresh with every class.
Please see the current upcoming available open enrollment course dates posted below. Please feel free to Register Online below, or call 844-475-4559 toll free to connect with our Registrar for assistance. If you need additional date options, please contact us for scheduling.
Course Title | Days | Date | Time | Price | |
---|---|---|---|---|---|
Securing Java / JEE Web Services | Java JEE / Web Services Security | 4 Days | Apr 19 to Apr 22 | 10:00 AM to 06:00 PM EST | $2,595.00 | Register |
Securing Java / JEE Web Services | Java JEE / Web Services Security | 4 Days | Jul 6 to Jul 9 | 10:00 AM to 06:00 PM EST | $2,595.00 | Register |
Securing Java / JEE Web Services | Java JEE / Web Services Security | 4 Days | Aug 23 to Aug 26 | 10:00 AM to 06:00 PM EST | $2,595.00 | Register |
Securing Java / JEE Web Services | Java JEE / Web Services Security | 4 Days | Nov 4 to Nov 7 | 10:00 AM to 06:00 PM EST | $2,595.00 | Register |
Securing Java / JEE Web Services | Java JEE / Web Services Security | 4 Days | Dec 6 to Dec 9 | 10:00 AM to 06:00 PM EST | $2,595.00 | Register |
New Site, BIG Savings!
We're celebrating the launch of our lonnngggg awaited new site with with *50% off all 2021 Public Classes* booked by March 31! Check out our Current Offers for Individuals, Teams and Organizations to Learn for Less!
Special Offers
Limited Offer for most courses.
SAVE 50%